The exponential rise in the cyber crimes in India is posing a serious threat to the business continuity. However, under reporting of cyber attack is increasing the complexity of cyber security scenario in the Indian corporate world. Despite the fact that enterprises with a fragile security mechanism are the easy target for the cyber criminals, organisations are reluctant to report the cyber crimes to the law enforcement agencies. KPMG India exposed the state of cyber security in the corporate sector in its ‘Cybercrime survey report 2015’ published recently.
The report, which was conducted among 250 C suite executives across the industries, revealed that Cyber incidents have not only risen sharply in 2015, but also lean more towards cyber crimes with financial motives. The report also highlighted some of the new trends like Corporate espionage, Man in the Middle attacks, illegal of bitcoins in cash embezzlement.
“Cybercrime is no longer restricted to a small set of the population. Cybercrime is becoming a worldwide threat not only for the government, but the corporation in a large way. Around 50 percent of the global CEOs don’t actually believe that their organisations are ready to face the cyber attacks. 75 percent of C suite level executives accepted that they do not have the right infrastructure or they do not bring the cyber threat that is prevalent in the company at the board level. Therefore, there is an urgent need to create awareness about the cyber crimes and build a mechanism to tackle the advance security attacks”, said, Mritunjay Kapur, Partner and Head, Risk Consulting, KPMG in India.
Ahmad Javed – Commissioner of Mumbai Police said that despite of the serious implications of cyber crimes, companies do not bring security breach incidents to the notice of the law enforcement agencies. “We come across the incidents where enterprises do not report the cyber crimes to the police citing its probable impact on the shares and the brand image. We are determined to curb the cyber crimes and therefore, we seek active participation from the enterprises”, Javed said.
Javed said that Mumbai police has been running several programs to make awareness in the entire Ahmad strata of the society and one of the key initiatives is how to effectively engage with the enterprises and the corporate and increase the awareness. “Having known danger and not putting effective mechanism to counter that is a matter of concern. We urge the C sweat executives to look at the survey very seriously. People don’t report cyber crimes in the fear of their shares getting affected. However, under reportage is not going to solve the problem, rather it will increase the complexity of cyber crimes”, he said.
According to the report, 74 per cent company heads believe that the BFSI sector is a top target for cybercrime with 63 percent indicating these crimes more often than not amount to a gross financial loss. Moreover, 64 percent C-suite executives indicated that CEO, directors and top level executives are most vulnerable to the security breach and often targeted by hackers. On the alarming note, 54 per cent indicated that spend on cyber defences is less than 5 percent of IT spend. Shockingly, 74 percent top executives accepted that there is little or no cyber risk analysis audit done and therefore, there is no effective mechanism to counter the cyber security menace.
“Cybercriminals have understood the potential of an illicit financial gain and have begun executing highly sophisticated technology-driven frauds. These cyberfrauds, by nature, are complex and difficult to detect. Organisations need to strengthen their cyber incident response process along with building strong prevention and detection systems. Cyber forensics therefore is becoming a critical component of fraud investigations.” - Mohit Bahl, Partner and Head Forensics, KPMG in India
Kapur said that Continuous evaluation of cyber security programs and coordination with the law enforcement agencies would help enterprises to stop cyber criminals from snooping into their organisation.
“Financial crimes like corporate espionage are bringing down organizations. Therefore, right prioritization of enterprise security is very critical. The enterprises need to identify the critical assets that need to be protected and find out security holes. Establishment of accountability metrics, robust response mechanism, visibility in terms of how the industry is dealing with it and sharing of the information are very essential elements to protect the organisation from advanced cyber attacks”, said Kapur.